CVE-2021-35979 - Vulnerability Details

An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00276.

Key SSVC decision points have not yet been added.

Vendors	Products
Digi Subscribe	6350-sr Subscribe 6350-sr Firmware Subscribe Cm Subscribe Cm Firmware Subscribe Connect Es Subscribe Connect Es Firmware Subscribe Connectport Lts 8\/16\/32 Subscribe Connectport Lts 8\/16\/32 Firmware Subscribe Connectport Ts 8\/16 Subscribe Connectport Ts 8\/16 Firmware Subscribe One Ia Subscribe One Ia Firmware Subscribe One Iap Family Subscribe One Iap Family Firmware Subscribe Passport Integrated Console Server Subscribe Passport Integrated Console Server Firmware Subscribe Portserver Ts Subscribe Portserver Ts Firmware Subscribe Portserver Ts M Mei Subscribe Portserver Ts M Mei Firmware Subscribe Portserver Ts Mei Subscribe Portserver Ts Mei Firmware Subscribe Portserver Ts Mei Hardened Subscribe Portserver Ts Mei Hardened Firmware Subscribe Portserver Ts P Mei Subscribe Portserver Ts P Mei Firmware Subscribe Realport Subscribe Transport Wr11 Xt Subscribe Transport Wr11 Xt Firmware Subscribe Wr21 Subscribe Wr21 Firmware Subscribe Wr31 Subscribe Wr31 Firmware Subscribe Wr44 R Subscribe Wr44 R Firmware Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:digi:realport::::::linux::*
	cpe:2.3:a:digi:realport::::::windows::*

Configuration 2 [-]

AND

cpe:2.3:o:digi:connectport_ts_8\/16_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:connectport_ts_8\/16:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:digi:connectport_lts_8\/16\/32_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:connectport_lts_8\/16\/32:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:digi:passport_integrated_console_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:passport_integrated_console_server:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:digi:cm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:cm:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:digi:portserver_ts_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:portserver_ts:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:digi:portserver_ts_mei_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:portserver_ts_mei:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:digi:portserver_ts_mei_hardened_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:portserver_ts_mei_hardened:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:digi:portserver_ts_m_mei_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:portserver_ts_m_mei:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:digi:6350-sr_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:6350-sr:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:digi:portserver_ts_p_mei_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:portserver_ts_p_mei:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:digi:transport_wr11_xt_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:transport_wr11_xt:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:digi:one_iap_family_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:one_iap_family:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:digi:one_ia_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:one_ia:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:digi:wr31_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:wr31:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:digi:wr44_r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:wr44_r:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:digi:connect_es_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:connect_es:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:digi:wr21_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:digi:wr21:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-22612	An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/main/2021-02.txt

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-10-08T14:21:22

Updated: 2024-08-04T00:47:42.592Z

Reserved: 2021-06-30T00:00:00

Link: CVE-2021-35979

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-10-08T15:15:08.917

Modified: 2024-11-21T06:12:52.853

Link: CVE-2021-35979

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-306

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Projects

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object